Unencrypted Data Never Rests
Lest you think this kind of thing only happens in the Northern Hemisphere, the second-largest telco provider in Australia, Optus, recently announced that they had suffered a compromise. (You can read the Reuters article here.) Optus said that a “sophisticated hack” was used to take the personal data, including the home addresses, driver’s license and passport numbers, of over 10 million users. That’s almost half of the people that live in Australia. Optus was also quick to point out that they don’t believe that customer bank account details and passwords were actually accessed.
Putting aside discussion of the sophisticated hack for the moment, let’s talk about the absolutely critical role that encryption at rest should be playing in your cybersecurity plan. Whether we’re talking straight-up theft of user data (as in this case), or corporate espionage involving the compromise of IP, or being victimized by a ransomware scheme, encrypting your data at rest is one step almost every consumer, and certainly every corporate IT security program, should be taking to minimize the bad guys’ ability to cause further chaos and damage after the hack itself.
While regular offsite back-ups are also critical pieces of the incident recovery puzzle, we would argue that encryption at rest is even more important. The reason why is simple. Using properly implemented encryption at rest for your data prevents the bad guys from using or even making any sense of your data in the event they do manage to steal it. Simply put, the bad guys won’t be able to read the secret formula, and they won’t be able to extort you to prevent its release. It’s as simple as that.
Now, properly implemented encryption on a corporate scale is complicated, and requires some discipline involving key management. Corporate IT shops should (hopefully) have staff that can identify and implement the right encryption solution to fit their needs. Consumers, however, have easy access to this ability right now. OS X has FileVault enabled by default, and Windows users are able to avail themselves of BitLocker.
So if you want to be sure your data is protected even if it ends up in the wrong hands, make sure your systems encrypt your data at rest.
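One way to confirm that FileVault or BitLocker is actually protecting a machine is to parse the output of the native status commands, `fdesetup status` and `manage-bde -status`. The sketch below is an added example, not code from the original post; it assumes English-language command output and the `C:` volume, and its sample outputs are constructed.

```python
import platform
import re
import subprocess

# Constructed sample outputs (English locale assumed), not captured from a real host.
SAMPLE_FV_ON = "FileVault is On.\n"
SAMPLE_FV_CONVERTING = "FileVault is On.\nEncryption in progress: Percent completed = 41\n"
SAMPLE_BDE_SUSPENDED = """Volume C: [OSDisk]
    Conversion Status:    Fully Encrypted
    Percentage Encrypted: 100.0%
    Protection Status:    Protection Off
    Lock Status:          Unlocked
"""

def parse_fdesetup(text):
    """Classify `fdesetup status` output as (protected, reason)."""
    if "FileVault is On" not in text:
        return False, "FileVault is off"
    if "in progress" in text:
        return False, "FileVault is on but the volume is still being converted"
    return True, "FileVault is on"

def parse_manage_bde(text):
    """Classify `manage-bde -status <volume>` output as (protected, reason)."""
    pairs = re.findall(r"^[ \t]*([A-Za-z ]+?):[ \t]+(.+)$", text, re.M)
    fields = {k.strip(): v.strip() for k, v in pairs}
    conversion = fields.get("Conversion Status", "missing")
    protection = fields.get("Protection Status", "missing")
    if conversion not in ("Fully Encrypted", "Used Space Only Encrypted"):
        return False, "volume not fully encrypted: " + conversion
    # Encrypted but suspended: the data is ciphertext, yet the key sits
    # unprotected on the disk, so a stolen drive is still readable.
    if protection != "Protection On":
        return False, "encrypted but protection is not on: " + protection
    return True, "BitLocker is on"

def check_host():
    """Run the native status command for this OS; manage-bde needs an elevated prompt."""
    system = platform.system()
    if system == "Darwin":
        cmd, parse = ["fdesetup", "status"], parse_fdesetup
    elif system == "Windows":
        cmd, parse = ["manage-bde", "-status", "C:"], parse_manage_bde
    else:
        return False, "no check implemented for " + system
    out = subprocess.run(cmd, capture_output=True, text=True).stdout
    return parse(out)

if __name__ == "__main__":
    print(check_host())
```

The suspended-BitLocker case is the one worth alerting on: the volume reports as fully encrypted, but it offers no protection if the drive is stolen.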